If you can't read please download the document
Upload
lytu
View
232
Download
13
Embed Size (px)
Citation preview
PAGE
ADMT Active Directory
Microsoft Corporation
2010 6
Justin Hall
JimBeckerMargery Spears
Active Directory 3.1 (ADMT v3.1) ADMT v3.2 Active Directory () Active Directory () ADMT ActiveDirectory
( URL ) Microsoft Corporation () (retrieval system)
Microsoft Microsoft
2010 Microsoft Corporation.All rights reserved.
Active DirectoryMicrosoftWindows Windows Server Microsoft Corporation () /
9ADMT Active Directory
9 Active Directory
10 Active Directory
11
11Active Directory
13
13SourceName
14TargetName
14TargetRDNTargetSAM TargetUPN
14
15
15
17Active Directory
19 Windows Server
20Active Directory
20 Active Directory
21
22
22
23 Active Directory
24
26 Active Directory
26 Active Directory
27 Active Directory
27
28
29 Active Directory
29
31 SID
32 SID
32
34
36
37
37
38
38
38
39
39
40 Windows Vista Windows 7
41
41
42
42
42
42
42
42
43 128
43
44
47 SID
48 OU
48 ADMT
49 ADMT v3.1
49 ADMT v3.1
49 ADMT v3.1
51 ADMT v3.2
51 ADMT v3.2
52 ADMT v3.2
53 ADMT SQL Server
53 Admtdb.exe
54 ADMT
55
57 ADMT
59
59
63
63
68
71 SID
74
77
82
82
85
89
94
94
97 SID
99
103
107
110
110
114
118
122
122
126
129
130
135
138
138
139
142
143 Active Directory
143
145 Active Directory
146 ADMT v3.1 Active Directory
146 Active Directory
147
147
148
148SID
149
149 Active Directory
150 Active Directory
151
151 OU
151
153
154
156
157
157
157
158
158
158
158
158
160 ADMT
160 ADMT v3.1
160 ADMT v3.1
161 ADMT v3.1
162 ADMT v3.2
163 ADMT v3.2
163 ADMT v3.2
164 ADMT SQL Server
164 Admtdb.exe
166 ADMT
166
170 Active Directory
170 Active Directory
171
172
175
178
182
185
186 OU
186
190
193
198
200 Active Directory
201
201
202 ADMT
202
202
205 SID
206
206
206
207
208
209
209
211
213 ADMT
213 ADMT
214
215
216
217
218
219
220
222
223 ADMT
224 ADMT
224
225
225
225
226
ADMT Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(.doc ) ADMT Active Directory (http://go.microsoft.com/fwlink/?LinkId=191734) ()
Active Directory Active Directory (AD DS)
Active Directory
Active Directory Active Directory AD DS
Active Directory (ADMT) ADMT Active Directory
Active Directory
Active Directory
Active Directory
ADMT
ADMT
Active Directory
()
() (http://go.microsoft.com/fwlink/?LinkId=121736) ()
ADMT v3.1 Microsoft Windows 2000 ADMT v3.2 Windows Server 2003
Active Directory
ADMT v3.1 Windows 2000 ADMT v3.2 Windows Server 2003
(SID)
SID
SID
ADMT
(GUID)
Active Directory (http://go.microsoft.com/fwlink/?LinkId=122123) ()
Active Directory
Active Directory Active Directory
SID
Active Directory
ADMT Active Directory
ADMT ADMT ADMT ADMT
ADMT
[Migration]
;IntraForest=No
;SourceDomain="source_domain_name"
;SourceOu="source_ou_path"
;TargetDomain="target_domain_name"
;TargetOu="target_ou_path"
;PasswordOption=Complex
;PasswordServer=""
;PasswordFile=""
;ConflictOptions=Ignore
;UserPropertiesToExclude=""
;InetOrgPersonPropertiesToExclude=""
;GroupPropertiesToExclude=""
;ComputerPropertiesToExclude=""
[User]
;DisableOption=EnableTarget
;SourceExpiration=None
;MigrateSIDs=Yes
;TranslateRoamingProfile=No
;UpdateUserRights=No
;MigrateGroups=No
;UpdatePreviouslyMigratedObjects=No
;FixGroupMembership=Yes
;MigrateServiceAccounts=No
;UpdateGroupRights=No
[Group]
;MigrateSIDs=Yes
;UpdatePreviouslyMigratedObjects=No
;FixGroupMembership=Yes
;UpdateGroupRights=No
;MigrateMembers=No
;DisableOption=EnableTarget
;SourceExpiration=None
;TranslateRoamingProfile=No
;MigrateServiceAccounts=No
[Security]
;TranslationOption=Add
;TranslateFilesAndFolders=No
;TranslateLocalGroups=No
;TranslatePrinters=No
;TranslateRegistry=No
;TranslateShares=No
;TranslateUserProfiles=No
;TranslateUserRights=No
;SidMappingFile="SidMappingFile.txt"
ADMT ADMT
.txt
/N
ADMT COMPUTER /N "" "" /O:".txt"
/F
ADMT COMPUTER /F "" /IF:YES /SD:" /TD:"" /TO:""
(SAM) ($) Workstation01 Workstation01$
( RDN) cn= Workstation01 (OU)
DNS domain name/ou_path/object_name ou_path/object_name Asia.trccorp.treyresearch.net/Computers/Workstation01 Computers/Workstation01
SourceName
SourceName
SourceName
SourceName
name
CN=name
TargetName
TargetName SAM (UPN)TargetName
UPN UPN UPN UPN SAM "$"
SAM UPN "CN=newname""newname" "newname"
SourceName,TargetName
oldname, newname
TargetRDNTargetSAM TargetUPN
TargetRDNTargetSAM TargetUPN
TargetRDN
TargetSAM SAM "$" SAM
TargetUPN UPN UPN UPN (prefix@suffix) (" ")
SourceName,TargetRDN
oldname, CN=newname
SourceName,TargetRDN,TargetSAM
oldname, "CN=New RDN", newsamname
SourceName,TargetRDN,TargetSAM,TargetUPN
oldname, "CN=last\, first", newsamname, newupnname
CN ("\") ADMT
SourceName,TargetSAM,TargetUPN,TargetRDN
oldname, newsamname, newupnname@targetdomain, "CN=New Name"
SourceNameTargetRDNTargetSAM TargetUPN SourceName TargetRDNTargetSAM TargetUPN
SourceName,TargetSAM
abc,def
"abc" TargetSAM "def" TargetRDN TargetUPN
SourceName,TargetRDN,TargetUPN
abc,CN=def,[email protected]
abc TargetRDN CN=def TargetUPN [email protected] abc TargetSAM
RDN CN=
SAMAccountName
MSA_USER5$
MSA_USER6$
admt
admt managedserviceaccount /ef:
/en
admt managedserviceaccount /en: 1 2
AdmtConstants.vbs ADMT Microsoft Visual Basic(R) Scripting Edition (VBScript) ADMT TemplateScript.vbs %systemroot%\WINDOWS\ADMT
ADMT VBScript AdmtConstants.vbs
Option Explicit
'----------------------------------------------------------------------------
' ADMT
'----------------------------------------------------------------------------
' PasswordOption
Const admtComplexPassword = &H0001
Const admtCopyPassword = &H0002
'
' admtComplexPassword admtCopyPassword
Const admtDoNotUpdatePasswordsForExisting = &H0010
' ConflictOptions
Const admtIgnoreConflicting = &H0000
Const admtMergeConflicting = &H0001
Const admtRemoveExistingUserRights = &H0010
Const admtRemoveExistingMembers = &H0020
Const admtMoveMergedAccounts = &H0040
' DisableOption
Const admtLeaveSource = &H0000
Const admtDisableSource = &H0001
Const admtTargetSameAsSource = &H0000
Const admtDisableTarget = &H0010
Const admtEnableTarget = &H0020
' SourceExpiration
Const admtNoExpiration = -1
'
Const admtTranslateReplace = 0
Const admtTranslateAdd = 1
Const admtTranslateRemove = 2
'
Const admtReportMigratedAccounts = 0
Const admtReportMigratedComputers = 1
Const admtReportExpiredComputers = 2
Const admtReportAccountReferences = 3
Const admtReportNameConflicts = 4
'
Const admtNone = 0
Const admtData = 1
Const admtFile = 2
Const admtDomain = 3
Const admtRecurse = &H0100
Const admtFlattenHierarchy = &H0000
Const admtMaintainHierarchy = &H0200
Active Directory
Active Directory (ADMT) Windows Server Active Directory
ADMT
ADMT v3.0 (http://go.microsoft.com/fwlink/?LinkID=68791) ()
Windows Server 2003
Windows NTWindows 2000 Server Windows Server 2003
Windows 2000
Windows 2000 ProfessionalWindows XPWindows NT 4Windows 2000 Server Windows Server 2003
ADMT v3.1 (http://go.microsoft.com/fwlink/?LinkId=121732) ()
Windows Server2008
Windows 2000 ServerWindows Server 2003 Windows Server2008 ADMT v3.1 Windows NT 4
Windows 2000
Windows Server 2008 R2 ADMT v3.2
ADMT v3.1 Windows Server 2008 R2 Microsoft 976659 (http://go.microsoft.com/fwlink/?LinkId=182290)
Windows Server 2000 ProfessionalWindows XPWindows VistaWindows Server 2000 ServerWindows Server 2003 Windows Server2008
ADMT v3.2 (http://go.microsoft.com/fwlink/?LinkId=186197) ()
Windows Server 2008 R2
Windows Server 2003
Windows Server 2003
Windows XPWindows VistaWindows7Windows Server 2003Windows Server2008 Windows Server 2008 R2
Windows Server
ADMT (RODC) Server Core RODC
ADMT v3.2 Windows Server 2008 R2 Active Directory
ADMT v3.2
admt managedserviceaccount
(UPN) UPN targetUPN UPN UPN
Active Directory
Windows PowerShell
ADMT v3.2
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(EFS)
Kerberos
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
100
[] [] []
[] []
[] []
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) [ ()]
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
()
Proxy
ADMT v3.1 Windows 2000 ADMT v3.1 Windows 2000
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory ActiveDirectory
(IT)
Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory () Active Directory
Active Directory (IT)
Active Directory (ADMT)
ADMT
Windows Server2008Windows Server 2003Windows Vista ( Service Pack 1)Windows XP Microsoft Windows 2000 ( ADMT 3.1) Windows Server 2008 R2 Windows Server2008
Windows Server 2008 R2Windows7 Windows Vista SP1
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
AllowNT4Crypto
REG_DWORD
1
Windows NT 4.0
AD DS (http://go.microsoft.com/fwlink/?LinkId=119321) ()
Windows []
Windows Server 2008 R2Windows Server2008Windows Server 2003Windows7Windows Vista Windows XP
Windows (http://go.microsoft.com/fwlink/?LinkID=119315) ()
Active Directory
ADMT
Active Directory
128
(SID)
(OU)
ADMT
ADMT
Active Directory
ADMT admt service admt user
admt group
( SID ) admt user admt managedserviceaccount
SID
() admt computer admt group
SID (ACL) admt security
admt group
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory 3.1 (ADMT) Windows 2000 ADMT 3.2 Windows Server 2003
(IT)
Active Directory
Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
()Active Directory (ADMT)
Active Directory
Active Directory () (SID) SID ADMT SID SID
ADMT v3.1 Microsoft Exchange Server 5.5 ADMT Exchange Server Exchange 2000 ADMT Exchange 2000
(GPO) ADMT
SID SID ADMT
1.
2. SID
SID SID
Windows Installer
Active Directory
(SAM) (ACL)
Active Directory (AD DS) AD DS
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) (SID) SID SID SID
SID SID SID
SID ( SID )
Windows Server 2008 R2Windows Server2008 Windows Server 2003 SID ADMT v3.1 Windows 2000 Service Pack 4 (SP4)
SID
SID
SID SID SID
SID SID SID
SID SID SID SID
SID SID
SID
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(DACL) (SID) SID SID SID SID SID SID
(ACL) SID ACL SID SID ACL SID
SID SID SID SID SID
SID
SID SID
SID
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID) SID SID SID
SID SID SID
SID Windows 2000 Service Pack 4 (SP4) SID
SID SID SID
SID SID SID (http://go.microsoft.com/fwlink/?LinkId=73446) ()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
() ()
(OU)
Windows Server 2003 (http://go.microsoft.com/fwlink?LinkId=14384) Job_Aids_Designing_and_Deploying_Directory_and_Security_Services (DSSREER_1.doc)
Windows Server 2003 (http://go.microsoft.com/fwlink?LinkId=14384) Job_Aids_Designing_and_Deploying_Directory_and_Security_Services (DSSREER_2.doc)
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
1.
2.
3.
4.
(LOB) ()
[] []
10 10 () 10
Windows Server 2003 (http://go.microsoft.com/fwlink?LinkId=14384) Job_Aids_Designing_and_Deploying_Directory_and_Security_Services (DSSREER_3.doc)
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
1. ()
2.
3.
4.
5.
1.
2.
3.
()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID)
Active Directory (ADMT) []
[]
NULL
ADMT
ADMT []
ADMT
(GUID)
SID ( SID SID )
LegacyExchangeDN
ADMT ADMT mail proxyAddressesADMT (Microsoft Exchange) ADMT
ADMT (UI) UI
ADMT []
SID SID SID ()
(USMT)
Windows Vista Windows Vista Windows 7
[] []
[] []
USMT
Windows Vista Windows 7
\\host.name.fqdn\ProfileShare\
%username% RoamUserX
\\host.name.fqdn\ProfileShare\RoamUserX
RoamUserX ( RoamUserX)
Windows Vista Windows Windows Vista V2
Windows Vista Windows 7 RoamUserX
\\host.name.fqdn\ProfileShare\RoamUserX.V2
Windows
ADMT v3.2 ADMT V2 () ADMT Windows Vista Windows 7
ADMT v3.2 .V2 ACL
SYSTEM
user_name -
= user_name
.V2 ADMT
ADMT v3.2 Windows Server 2008 R2
\\\\\ Administrators
() ( host.name.fqdn) Administrators
ADMT v3.2 Administrators
ADMT
1.
2. ( Windows PowerShell)
a. ( host.name.fqdn) SYSTEM
b. Administrators ACL
c. Administrators ACL
3. ( Windows PowerShell)
a. ()
b. Administrators ACL
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
100
(UPN)
(EFS)
()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
128
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) 128 Windows 2000 Server Service Pack 3 (SP3) Service Pack 4 (SP4)Windows Server 2003Windows Server 2008 Windows Server 2008 R2 128 ADMT 128
Windows 2000 (http://go.microsoft.com/fwlink/?LinkId=76037)
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory (ADMT)
(http://go.microsoft.com/fwlink/?LinkId=77381) ()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT
() (SID) SID (OU) OU SID ADMT
OU OU
// ( SID )
OU OU
OU OU ADMT
// ( SID )
OU OU
OU OU SID ADMT
OU ADMT
OU ADMT
Windows Vista Windows 7 Windows Vista Windows 7
Administrators
acct_migrators res_migrators
1. acct_migrators
2. acct_migrators Domain Admins OU
3. SID acct_migrators Domain Admins acct_migrators SID
a.Active Directory []
b. [] [] acct_migrators
[] Active Directory [] []
c. [acct_migrators ] [ SID ] []
4. acct_migrators Builtin\Administrators
5. acct_migrators Administrators
1. res_migrators
2. res_migrators Domain Admins OU
3. res_migrators Administrators
4. res_migrators Administrators
1. res_migrator
2. res_migrator Domain Admins (Domain Admins Administrators Administrators )
3. OU res_migrator
ADMT
Account migrators
Resource migrators
Account migrators resource migrators
Data readers
Account migrators resource migrators data readers
SQLServer sysadmin ADMT
Administrators sysadmin ADMT
SID
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID) Active Directory (ADMT)
(PDC) TCP/IP
Windows Server 2003 Windows Server 2003 TcpipClientSupport
Windows Server 2008 R2 Windows Server2008 SID
SourceDomain$$$ SourceDomain NetBIOS Boston$$$SID
PDC TCP/IP
1. PDC ( FSMO) [] []
2. [] regedit []
3.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
4. TcpipClientSupport ( REG_DWORD) 1
5.
Windows Server 2008 R2 Windows Server 2008
1.
2. [] [] [] []
3.
| | | |
4. [] []
5.
| | Windows | | |
6. [] []
7. [] [] []
8. [] []
9. [] []
10. [] []
11. [] []
12. gpupdate /force
13. 1 12
OU
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (OU) OU
OU
1.
2.Active Directory OU
3.
4. OU
ADMT
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMTADMT 3.1 Microsoft SQL Server Express ADMT 3.2 SQL Server ADMT
ADMT v3.1
ADMT v3.2
ADMT SQL Server
Admtdb.exe
ADMT
ADMT v3.1
ADMT v3.1
ADMT v3.1
ADMT v3.1
ADMT v3.1
Active Directory 3.1 (ADMT v3.1) SQL Server 2005 Express Edition ADMT v3.1 SQL Server 2000 Service Pack 4 (SP4) Standard Enterprise Edition SQL Server 2005 Standard Enterprise Edition
ADMT v3.1
Windows Server2008
[] [] ADMT ADMT v3.1 ADMT ADMT ( ADMT v2.0 ADMT v3.0) ADMT v3.1
ADMT SQL Server 2000 SQL Server 2005 SQL Server ADMT SQL ADMT
ADMT v3.1
SQL Server 2005 Express Edition SQL ADMTActive Directory
ADMT
ADMT v3.1 (http://go.microsoft.com/fwlink/?LinkId=121732) ADMT v3.2 (http://go.microsoft.com/fwlink/?LinkId=186197) ADMT Active Directory [admtsetup.exe]
Active Directory
[]
ADMT (MS_ADMT)
SQL Server 2005 Express Edition ( ADMT ) ADMT SQL Server 2005 Express Edition
[ Microsoft SQL Server Express Edition] ADMT v3.1
ADMT v3.1 ADMT [ Microsoft SQL Server] Server\Instance
SQL Server ADMT v3.1 ADMT
Active Directory v3
ADMT v3.0 ADMT v3.1 ADMT v3.0 ADMT v3.1
ADMT v3.0 [ ()]
ADMT v3.0 ADMT v3.1 [ ADMT v3 ]
ADMT v3.0
Active Directory v2
ADMT v2.0 ADMT v3.1 ADMT v2.0 ADMT v3.1
ADMT v2.0 [ ADMT v2 ]
ADMT v2.0 ADMT v3.1 [ ADMT v2 ]
ADMT v2.0
ADMT v2.0 protar.mdb ADMT v2.0
ADMT v3.1 []
ADMT v3.2
ADMT v3.2 SQL Server SQL Server Express SQL Server Express ADMT Service Pack
SQL Server 2005 Express Service Pack 3 (SP3)
SQL Server 2008 Express Service Pack 1 (SP1)
SQL Server Express SQL Server Express ADMT
SQL Server 2005 SQL Server 2008 ADMT ADMT SQL Server ADMT Service Pack
ADMT v3.2
ADMT v3.2
ADMT v3.2
ADMT v3.2
[] [] ADMT v3.2 ADMT
ADMT v3.2 ADMT ADMT ADMT v2 ADMT v1 ADMT
() Windows Server 2008 R2
ADMT v3.2 Windows Server 2003 Active Directory Windows Server 2008 R2 ADMT v3.2
Windows Server 2008 R2 ADMT v3.2 Server Core (RODC)
ADMT SQL Server SQL Server Express SQL Server ADMT
SQL Server Express ADMT v3.2 SQL Server ADMT Admtdb.exe ADMT
ADMT v3.2
SQL Server 2005 Express (http://go.microsoft.com/fwlink/?LinkId=181159) () SQL Server ADMT v3.2 SQL Server [Windows ] SQL Server ADMT v3.2
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
ADMT v3.2
1. ADMT [admtsetup32.exe]
2. [] []
3. [] [] []
4. [] \
(.) SQL Server Express SQLEXPRESS
SQL Server Express .\SQLEXPRESS
5. SQL Express %windir%\ADMT\Data ADMT.mdf [] ADMT []
[] [ ()] ADMT [ ADMT v3.0 ADMT v3.1 ] []
SQL Server SQL Server ADMT SQL Server
[]
6. [] []
ADMT SQL Server
SQL Server Express ADMT ADMT SQL Server Express ADMT
ADMT SQL Server SQL Server SQL Server Express ( SQL Server ) ADMT ADMT
SQL
sp_detach_db [ @dbname = ] 'dbname'
SQL Server SQL Server Management Studio HOW TO (SQL Server Management Studio) (http://go.microsoft.com/fwlink/?LinkId=183994) ()
Admtdb.exe
ADMT v3.2 SQL Server Express SQL Server ( SQL Server SQL Server Express) Admtdb.exe Admtdb.exe
SQL Server Admtdb.exe ADMT
admtdb create /{s|server}:"\"
ADMT
/server SQL Server
admtdb upgrade /s|server:\
ADMT v3.0 ADMT v3.1
/server ADMT v3.0 ADMT v3.1 SQL Server
ADMT ADMT
admtdb attach [/{a|attach}:"v3x "
ADMT SQL Server Express 2005 SQL Server Express 2008
/attach Admt.mdf
Admtdb.exe admtdb /?
SQL Server Express SQL Server SQL Server Express ADMT SQL Express
SQL Server SQL Server Express ADMT
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
SQL Server
1. [] [] []
2. [] SQL Server Express [] [] ADMT v3.1 ADMT SQL Server Express MSSQL$MS_ADMT
[] []
3. [] [] []
4. [] [] []
5. []
6.
SQL SQL Server Express admtdb attach
admtdb attach /{s | Server}: SQL Server Express
admt config setdatabase /s:\
ADMT
ADMT v3.0ADMT v3.1 ADMT v3.2 () SQL Server
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
() ADMT SQL Server
1. [] [] []
2. [] SQL Server Express [] [] ADMT v3.1 ADMT SQL Server Express MSSQL$MS_ADMT
[] []
3. [] [] []
4. [] [] []
5. []
6.
admtdb attach /{s | Server}: SQL Server Express /{a | Attach}: ADMT v3.x "
admt config setdatabase /s:\
ADMT SQL Server ADMT ADMT admtdb.exe admt config setdatabase
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) 3.1 (PES v3.1) ADMT v3.1 ADMT v3.2 (PES) 3.1 Microsoft PES 3.1 x86 3.1 (x86)(http://go.microsoft.com/fwlink/?LinkId=147652) () x64 3.1 (x64)(http://go.microsoft.com/fwlink/?LinkId=147653) ()PES 128
PES (RODC)
ADMT [] []
PES ADMT PES
ADMT PES Windows Server 2008 R2 Windows Server2008 PES
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
ENTER
admt key /option:create /sourcedomain: /keyfile: /keypassword:{|*}
PES (DNS) NetBIOS
{|*}
(*)
PES
ADMT PES PES Everyone Anonymous Logon Pre-Windows 2000 Compatible Access
PES Pre-Windows 2000 Compatible Access Everyone Anonymous Logon
PES
1. PES
2. Pwdmig.msi []
ADMT DLL
[]
ADMT (DLL)
admt key
PES
PES domain\user_name
[] PES
ADMT PES
3.
4. PES [][][] []
5. [] []
PES PES
ADMT
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) [ SID ] (SID) SID SID ADMT
source_domain$$$ SID SID
Windows 2000 ADMT 3.1 (PDC) TCP/IP ( TcpipClientSupport 1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
TcpipClientSupport 1 TCP (RPC)
Windows Server 2003
ADMT SID Windows Server2008 Windows Server 2008 R2 SID
ADMT
ADMT
1. ADMT
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
OU []
[] []
[ SID ]
[]
2. []
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT)
ADMT ADMT
Active Directory ADMT () ()
() ADMT ADMT ADMT password.txt
() ADMT
()
ADMT
ADMT ADMT
ADMT ADMT
ADMT
1. ADMT ADMT
2. ADMT [] []
3.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[]
[] [] [] [] [] []
[] [] []
[]
[] [] [][] []
ADMT [] []
[]
[] ADMT [] [] []
[ SCM] [ SCM]
[ SCM] [ SCM] ADMT [ SCM]
ADMT
1. ADMT ADMT
2. ENTER
ADMT SERVICE /N "" "" /SD:"" /TD:""
ADMT SERVICE /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
3.
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objServiceAccountEnumeration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objServiceAccountEnumeration = _
objMigration.CreateServiceAccountEnumeration
'
'
'
objMigration.SourceDomain = ""
'
'
'
objServiceAccountEnumeration.Enumerate admtData, _
Array("computer name1" ,"computer name2" )
Set objServiceAccountEnumeration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (SID) SID
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT)
ADMT ADMT
ADMT
1. ADMT ADMT
2. ADMT [] []
3.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[] []
[]
[]
[]
[ SID ]
[]
[]
[]
[ SCM] ADMT [] []
[]
4. []
5.Active Directory (OU) OU
6.
ADMT
1. ADMT ADMT
2. ENTER
ADMT USER /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES
Server_name1 Server_name2
ADMT USER /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
/DOT:ENABLETARGET ()
DisableOption=ENABLETARGET ()
/PO:COMPLEX ()
PasswordOption=COMPLEX
SID =
/MSS:YES
MigrateSIDs=YES
=
/UUR:YES
UpdateUserRights=YES
/CO:IGNORE ()
ConflictOptions=IGNORE ()
3.
4.Active Directory OU OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.ConflictOptions = admtIgnoreConflicting
'
'
'
objUserMigration.MigrateSIDs = True
objUserMigration.UpdateUserRights = True
objUserMigration.MigrateServiceAccounts = True
'
'
'
objUserMigration.Migrate admtData, _
Array("service account name1", "service account name2")
Set objUserMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
1.
2. (SID)
3.Active Directory (ADMT) SID SID
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] []
[ SID ]
[]
3. []
4.ActiveDirectory OU
ADMT
1. ADMT ADMT
2. ADMT Group ENTER
ADMT GROUP /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES
ADMT GROUP /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
GG SID
/MSS:YES
MigrateSIDs=YES
/CO:IGNORE ()
ConflictOptions=IGNORE
3.
4.Active Directory OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objGroupMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objGroupMigration = objMigration.CreateGroupMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objGroupMigration.MigrateSIDs = True
'
'
'
objGroupMigration.Migrate admtData, Array("group name1" ,"group name2" )
Set objGroupMigration = Nothing
Set objMigration = Nothing
SID
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID) ()
Active Directory (ADMT) Windows NT 4.0 (Pstore) (EFS) Pstore
Windows 2000 Server API (DPAPI) DPAPI
()
EFS (S/MIME)
CryptProtectData()
1.
2.
3.
4.
5.
6. ()
7.
8.
9.
(OU) OU OU
OU OU OU Windows Server 2003 Active Directory OU OU
OU OU Windows NT 4.0 Windows Server 2003 OU OU
OU (http://go.microsoft.com/fwlink/?LinkId=76628) ()
OU OU OU OU
ADMT ADMT ADMT
ADMT
ADMT ADMT C:\Program Files\ActiveDirectory Migration Tool\Logs\Password.txt
(/////)ADMT
SID
Windows Server 2008 R2 Active Directory Windows7 Windows Server 2008 R2 ADMT v3.2
ADMT v3.2
1. admt managedserviceaccount
2. admt computer
() ()
() SID (SID )
[] () [] [] SID MSA
ADMT
1. ADMT ADMT
2. ADMT [] []
3.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[]
[] [] [] [] [] []
[]
[] [] [] [] [] []
[] [] []
[] []
[]
[]
[ SID ]
[] []
[]
4. []
5.Active Directory OU
ADMT
1. ADMT ADMT
2. ENTER
ADMT MANAGEDSERVICEACCOUNT /N "" "" /IF:NO /SD:"" /TD:"" /UUR:YES /FGM:YES /MSS:YES
ADMT MANAGEDSERVICEACCOUNT /N "" "" /O:".txt"
/IF:No
Intraforest=No
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/UUR:Yes
UpdateUserRights=Yes
/FGM:Yes
FixGroupMembership=Yes
SID
SID
/MSS:Yes
MigrateSIDs=Yes
3.
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
( AdministratorsUsers Power Users) Active Directory (ADMT) (SID) SID SID ( Domain Admins Domain Users) ADMT
ADMT
1.ADMT
2.ADMT SID
3.ADMT SID SID
4.ADMT
5. ADMT
ADMT ADMT (UPN) UPN
SID
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
ADMT OU OU []
[] OU []
[]
[]
[] []
[] [] 7
[ SID ]
[]
[]
[]
[]
[]
[]
[] []
3. []
4.Active Directory OU
ADMT
1. ADMT ADMT
SID
2. ADMT User ENTER
ADMT USER /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES /TRP:YES /UUR:NO
ADMT USER /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
SID
/MSS:YES
MigrateSIDs=YES
/DOT:DISABLETARGET
DISABLEOPTION=DISABLETARGET
/SEP:7
SOURCEEXPIRATION=7
/CO:IGNORE ()
ConflictOptions=IGNORE
/TRP:YES ()
TranslateRoamingProfile=YES
/UUR:NO
UpdateUserRights=NO
/PO:COMPLEX
PasswordOption=COMPLEX
3.
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Sales OU OU West West/Sales ADMT TemplateScripts.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.PasswordOption = admtComplexPassword
objMigration.ConflictOptions = admtIgnoreConflicting
'
'
'
objUserMigration.MigrateSIDs = True
objUserMigration.TranslateRoamingProfile = True
objUserMigration.UpdateUserRights = False
objUserMigration.FixGroupMembership = True
objUserMigration.MigrateServiceAccounts = False
'
'
'
objUserMigration.Migrate admtData, Array("user name1" , "user name2" )
Set objUserMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT Active Directory
Windows Installer 2.0 ( Windows 2000 Server Service Pack 3 (SP3) Service Pack4 (SP4) Windows XP Service Pack 1 (SP1) Service Pack 2 (SP2) ) ADMT
ADMT ADMT
ADMT
1. ADMT Administrators
2. ADMT ADMT
3.
[]
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[]
[ADMT Agent]
[] []
4. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT
1. ADMT ADMT
2. ADMT Security ENTER
ADMT SECURITY /N "" "" /SD:"" /TD:"" /TO:"" /TOT:Replace /TUP:YES
ADMT SECURITY /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TOT:REPLACE
TranslateOption=REPLACE
/TUP:YES
TranslateUserProfiles=YES
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objSecurityTranslation = objMigration.CreateSecurityTranslation
'
'
'
objMigration.SourceDomain = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objSecurityTranslation.TranslationOption = admtTranslateReplace
objSecurityTranslation.TranslateUserProfiles = True
'
'
'
objSecurityTranslation.Translate admtData, _
Array("computer name1" ,"computer name2" )
Set objSecurityTranslation = Nothing
Set objMigration = Nothing
(SAM) SAM ()
ADMT ADMT
RestartDelay
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
()
[] []
[]
[] [] OU []
[]
[]
[]
[ ()] [5]
[] [] []
[]
[ADMT Agent]
[] []
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT Computer ENTER
ADMT COMPUTER /N "" "" /SD:"" /TD:"" /TO:"" [/M: ] [/UALLMSA:Yes] /RDL:5
ADMT COMPUTER /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/UALLMSA:YES
UpdateAllManagedServiceAccounts=Yes
/M /UALLMSA
/M 1 2
UPDATEMSANAME= 1 2
/TO:"target_OU"
TargetOU="target_OU"
()
/RDL:5
RestartDelay=5
/TOT:ADD
TranslationOption=ADD
/TUR:YES
TranslateUserRights=YES
/TLG:YES
TranslateLocalGroups=YES
3. MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objComputerMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objComputerMigration = objMigration.CreateComputerMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objComputerMigration.RestartDelay = 1
objComputerMigration.TranslationOption = admtTranslateAdd
objComputerMigration.TranslateLocalGroups = True
objComputerMigration.TranslateUserRights = True
objComputerMigration.UpdateAllManagedServiceAccounts = True
'
'
'
objComputerMigration.Migrate admtData, _
Array("computer name1" ,"computer name2" )
Set objComputerMigration = Nothing
Set objMigration = Nothing
ADMT ADMT
ADMT ADMT (UPN) UPN
(SID)
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
ADMT OU OU []
[] OU []
[]
[ DC]
[] []
[] [] 7
[ SID ]
[]
[]
[]
[]
[]
[]
[]
[]
3. []
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT User ENTER
ADMT USER /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES /TRP:YES /UUR:YES
ADMT USER /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
SID
/MSS:YES
MigrateSIDs=YES
/CO:REPLACE
ConflictOptions=REPLACE
/TRP:YES ()
TranslateRoamingProfile=YES
/UUR:YES
UpdateUserRights=YES
/PO:COPY /PS:
PasswordOption=COPY
PasswordServer=:
/SEP:7
SourceExpiration=7
3.
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.PasswordOption = admtCopyPassword
objMigration.PasswordServer = ""
objMigration.ConflictOptions = admtReplaceConflicting
'
'
'
objUserMigration.SourceExpiration = 7
objUserMigration.MigrateSIDs = True
objUserMigration.TranslateRoamingProfile = True
objUserMigration.UpdateUserRights = True
objUserMigration.FixGroupMembership = True
objUserMigration.MigrateServiceAccounts = False
'
'
'
objUserMigration.Migrate admtData, Array("user name1" , "user name2" )
Set objUserMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT
SID
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] []
[]
[]
[]
[]
[ SID ]
[]
[] ()
3. []
4.Active Directory OU
ADMT
1. ADMT ADMT
SID
2. ADMT Group ENTER
ADMT GROUP /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES /CO:REPLACE
ADMT GROUP /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
GG SID
/MSS:YES
MigrateSIDs=YES
/CO:REPLACE
ConflictOptions=REPLACE
3.
4.Active Directory OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objGroupMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objGroupMigration = objMigration.CreateGroupMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.ConflictOptions = admtReplaceConflicting
'
'
'
objGroupMigration.MigrateSIDs = True
'
'
'
objGroupMigration.Migrate admtData, Array("group name1" ,"group name2" )
Set objGroupMigration = Nothing
Set objMigration = Nothing
SID
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
SID (SID) ()
SID SID () SID SID
1.
2. [] Active Directory (ADMT)
3.
4.
5.
6.
7. ()
8.
9.
10.
11.
SID
Windows Server 2008 R2 Active Directory Windows7 Windows Server 2008 R2 ADMT v3.2
ADMT v3.2
1. admt managedserviceaccount
2. admt computer
() ()
() SID (SID )
[] () [] [] SID MSA
ADMT
1. ADMT ADMT
2. ADMT [] []
3.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[]
[] [] [] [] [] []
[]
[] [] [] [] [] []
[] [] []
[] []
[]
[]
[ SID ]
[] []
[]
4. []
5.Active Directory OU
ADMT
1. ADMT ADMT
2. ENTER
ADMT MANAGEDSERVICEACCOUNT /N "" "" /IF:NO /SD:"" /TD:"" /UUR:YES /FGM:YES /MSS:YES
ADMT MANAGEDSERVICEACCOUNT /N "" "" /O:".txt"
/IF:No
Intraforest=No
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/UUR:Yes
UpdateUserRights=Yes
/FGM:Yes
FixGroupMembership=Yes
SID
SID
/MSS:Yes
MigrateSIDs=Yes
3.
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
( AdministratorsUsers Power Users) ActiveDirectory (ADMT) (SID) SID SID ( Domain Admins Domain Users) ADMT
ADMT
1.ADMT
2.ADMT SID
3.ADMT SID SID
4.ADMT
5. ADMT
ADMT ADMT (UPN) UPN
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
ADMT ADMT
ADMT (OU) OU OU []
[] OU []
[]
[]
[] []
[] [] 7
[ SID ]
[]
[]
[]
[]
[]
[]
[] []
3. []
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT User ENTER
ADMT USER /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES /TRP:YES /UUR:YES
ADMT USER /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
SID
/MSS:YES
MigrateSIDs=YES
/CO:IGNORE ()
ConflictOptions=IGNORE
/TRP:YES ()
TranslateRoamingProfile=YES
/UUR:YES
UpdateUserRights=YES
/PO:COMPLEX ()
PasswordOption=COMPLEX
3.
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.PasswordOption = admtComplexPassword
objMigration.ConflictOptions = admtIgnoreConflicting
'
'
'
objUserMigration.MigrateSIDs = True
objUserMigration.TranslateRoamingProfile = True
objUserMigration.UpdateUserRights = True
objUserMigration.FixGroupMembership = True
objUserMigration.MigrateServiceAccounts = False
'
'
'
objUserMigration.Migrate admtData, Array("user name1" , "user name2" )
Set objUserMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID) (ACL) ACL Active Directory (ADMT) SID ()
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[]
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[]
[ADMT Agent]
[] []
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT
1. ADMT ADMT
2. ADMT Security ENTER
ADMT SECURITY /N "" "" /SD:"" /TD:"" /TO:"" /TOT:Add
ADMT SECURITY /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TOT:Add
TranslateOption=ADD
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objSecurityTranslation = objMigration.CreateSecurityTranslation
'
'
'
objMigration.SourceDomain = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objSecurityTranslation.TranslationOption = admtTranslateAdd
objSecurityTranslation.TranslateFilesAndFolders = True
objSecurityTranslation.TranslateLocalGroups = True
objSecurityTranslation.TranslatePrinters = True
objSecurityTranslation.TranslateRegistry = True
objSecurityTranslation.TranslateShares = True
objSecurityTranslation.TranslateUserProfiles = False
objSecurityTranslation.TranslateUserRights = True
'
'
'
objSecurityTranslation.Translate admtData, _
Array("computer name1" ,"computer name2" )
Set objSecurityTranslation = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT Active Directory
WindowsInstaller2.0 ( Windows2000Server Service Pack3 (SP3) Service Pack4 (SP4)WindowsXP Service Pack1 (SP1) Service Pack2 (SP2) ) ADMT
ADMT ( 5 )
ADMT ADMT
ADMT
1. ADMT Administrators
2. ADMT ADMT
3.
[]
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[]
[ADMT Agent]
[] []
4. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT
1. ADMT ADMT
2. ADMT Security ENTER
ADMT SECURITY /N "" "" /SD:"" /TD:"" /TO:"" /TOT:Replace /TUP:YES
ADMT SECURITY /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TOT:REPLACE
TranslateOption=REPLACE
/TUP:YES
TranslateUserProfiles=YES
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objSecurityTranslation = objMigration.CreateSecurityTranslation
'
'
'
objMigration.SourceDomain = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objSecurityTranslation.TranslationOption = admtTranslateReplace
objSecurityTranslation.TranslateUserProfiles = True
'
'
'
objSecurityTranslation.Translate admtData, _
Array("computer name1" ,"computer name2" )
Set objSecurityTranslation = Nothing
Set objMigration = Nothing
(SAM) SAM ()
ADMT ADMT
ADMT RestartDelay
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
()
[] []
[]
[] [] (OU) []
[]
[]
[]
[ ()] [5]
[] [] []
[]
[ADMT Agent]
[] []
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT Computer ENTER
ADMT COMPUTER /N "" "" /SD:"" /TD:"" /TO:"" [/M: ] [/UALLMSA:Yes] /RDL:5
ADMT COMPUTER /N "" "" /O:".txt"
SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/UALLMSA:YES
UpdateAllManagedServiceAccounts=Yes
/M /UALLMSA
/M: 1 2
UPDATEMSANAME= 1 2
/TO:"target_OU"
TargetOU="target_OU"
()
/RDL:5
RestartDelay=5
/TOT:ADD
TranslationOption=ADD
/TUR:YES
TranslateUserRights=YES
/TLG:YES
TranslateLocalGroups=YES
3. MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objComputerMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objComputerMigration = objMigration.CreateComputerMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objComputerMigration.RestartDelay = 1
objComputerMigration.TranslationOption = admtTranslateAdd
objComputerMigration.TranslateLocalGroups = True
objComputerMigration.TranslateUserRights = True
objComputerMigration.UpdateAllManagedServiceAccounts = True
'
'
'
objComputerMigration.Migrate admtData, _
Array("computer name1" ,"computer name2" )
Set objComputerMigration = Nothing
Set objMigration = Nothing
ADMT ADMT (UPN) UPN
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
ADMT OU OU []
[] OU []
[]
[ DC]
[] []
[:] [:] 7
[ SID ]
[]
[]
[]
[]
[]
[]
[]
[]
3. []
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT User ENTER
ADMT USER /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES /TRP:YES /UUR:YES
ADMT USER /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
SID
/MSS:YES
MigrateSIDs=YES
/CO:REPLACE
ConflictOptions=REPLACE
/TRP:YES ()
TranslateRoamingProfile=YES
/UUR:YES
UpdateUserRights=YES
/PO:COPY /PS:
PasswordOption=COPY
PasswordServer=:
/SEP:30
SourceExpiration=30
3.
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.PasswordOption = admtCopyPassword
objMigration.PasswordServer = ""
objMigration.ConflictOptions = admtReplaceConflicting
'
'
'
objUserMigration.SourceExpiration = 7
objUserMigration.MigrateSIDs = True
objUserMigration.TranslateRoamingProfile = True
objUserMigration.UpdateUserRights = False
objUserMigration.FixGroupMembership = True
objUserMigration.MigrateServiceAccounts = False
'
'
'
objUserMigration.Migrate admtData, Array("user name1" , "user name2" )
Set objUserMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
ActiveDirectory (ADMT) ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] []
[]
[]
[]
[]
[ SID ]
[]
[] ()
3. []
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT Group ENTER
ADMT GROUP /N "" "" /SD:"" /TD:"" /TO:"" /MSS:YES /CO:REPLACE
ADMT GROUP /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
GG SID
/MSS:YES
MigrateSIDs=YES
/CO:REPLACE
ConflictOptions=REPLACE
3.
4.Active Directory OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objGroupMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objGroupMigration = objMigration.CreateGroupMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
objMigration.ConflictOptions = admtReplaceConflicting
'
'
'
objGroupMigration.MigrateSIDs = True
'
'
'
objGroupMigration.Migrate admtData, Array("group name1" ,"group name2" )
Set objGroupMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID) (ACL) ()
SID SID
Active Directory (ADMT) ADMT
ADMT
1. ADMT ADMT
2.
[]
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[]
ADMT
1. ADMT ADMT
2. ADMT Security ENTER
ADMT SECURITY /N "" "" /SD:"" /TD:"" /TO:"" /TOT:Remove
ADMT SECURITY /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TOT:Remove
TranslateOption=REMOVE
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objSecurityTranslation = objMigration.CreateSecurityTranslation
'
'
'
objMigration.SourceDomain = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objSecurityTranslation.TranslationOption = admtTranslateRemove
objSecurityTranslation.TranslateFilesAndFolders = True
objSecurityTranslation.TranslateLocalGroups = True
objSecurityTranslation.TranslatePrinters = True
objSecurityTranslation.TranslateRegistry = True
objSecurityTranslation.TranslateShares = True
objSecurityTranslation.TranslateUserProfiles = False
objSecurityTranslation.TranslateUserRights = True
'
'
'
objSecurityTranslation.Translate admtData, _
Array("computer name1" ,"computer name2" )
Set objSecurityTranslation = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
100 (SAM) SAM SAM ()
Active Directory (ADMT) ADMT
( 1) RestartDelay
Active Directory (ADMT) ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
()
[] []
[]
[] [] (OU) []
[]
[]
[]
[ ()] [5]
[] [] []
[]
[ADMT Agent]
[] []
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory OU
ADMT
1. ADMT ADMT
2. ADMT Computer ENTER
ADMT COMPUTER /N "" "" /SD:"" /TD:"" /TO:"" [/M: ] [/UALLMSA:Yes] /RDL:5
ADMT COMPUTER /N "" "" /O:".txt"
SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/UALLMSA:YES
UpdateAllManagedServiceAccounts=Yes
/M /UALLMSA
/M 1 2
UPDATEMSANAME= 1 2
/TO:"target_OU"
TargetOU="target_OU"
()
/RDL:5
RestartDelay=5
/TOT:ADD
TranslationOption=ADD
/TUR:YES
TranslateUserRights=YES
/TLG:YES
TranslateLocalGroups=YES
3. MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objComputerMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objComputerMigration = objMigration.CreateComputerMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objComputerMigration.RestartDelay = 1
objComputerMigration.TranslationOption = admtTranslateAdd
objComputerMigration.TranslateLocalGroups = True
objComputerMigration.TranslateUserRights = True
objComputerMigration.UpdateAllManagedServiceAccounts = True
'
'
'
objComputerMigration.Migrate admtData, _
Array("computer name1" ,"computer name2" )
Set objComputerMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Windows NT 4.0 Active Directory (ACL) Windows 2000 Windows Server 2003 ACL ACL
ACLACL (SID) ADMT
Active Directory (ADMT)
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] []
[ SID ]
[]
[] ()
3. []
4.Active Directory (OU) OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objGroupMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objGroupMigration = objMigration.CreateGroupMigration
'
'
'
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objGroupMigration.MigrateSIDs = True
'
'
'
objGroupMigration.Migrate admtData, _
Array("local group name1" ,"local group name2" )
Set objGroupMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory (AD DS)
Active Directory ADDS
Active Directory ADDS
Windows2000Server WindowsServer2003 ActiveDirectory ADDS WindowsServer2003 ActiveDirectory ADDS
RODC
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(ACL) ACL (SID) SID ACL SIDActive Directory (ADMT) SID SID
SID
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[]
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[]
ADMT
1. ADMT ADMT
2. ADMT Security ENTER
ADMT SECURITY /N "" "" /SD:"" /TD:"" /TO:"" /TOT:Replace
ADMT SECURITY /N "" "" /O ".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TOT:Replace
TranslateOption=REPLACE
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objSecurityTranslation = objMigration.CreateSecurityTranslation
'
'
'
objMigration.SourceDomain = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objSecurityTranslation.TranslationOption = admtTranslateReplace
objSecurityTranslation.TranslateFilesAndFolders = True
objSecurityTranslation.TranslateLocalGroups = True
objSecurityTranslation.TranslatePrinters = True
objSecurityTranslation.TranslateRegistry = True
objSecurityTranslation.TranslateShares = True
objSecurityTranslation.TranslateUserProfiles = False
objSecurityTranslation.TranslateUserRights = True
'
'
'
objSecurityTranslation.Translate admtData, _
Array("computer name1" ,"computer name2" )
Set objSecurityTranslation = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
1.
2.
3.
(SID)
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory
Active Directory (ADMT)
ADMT
WindowsServer2008Windows Server 2003Windows Vista ( Service Pack 1 (SP1))Windows XP Microsoft Windows 2000 ( ADMT 3.1) Windows Server 2008 R2 Windows Server2008
Windows Vista SP1Windows7 Windows Server 2008 R2
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
AllowNT4Crypto
REG_DWORD
1
Windows NT 4.0
AD DS (http://go.microsoft.com/fwlink/?LinkId=119321) ()
Windows []
Windows Server 2008 R2Windows Server2008Windows7 WindowsVista
(http://go.microsoft.com/fwlink/?LinkID=119315) ()
Active Directory
Active Directory
ADMT
ADMT
Active Directory
admt group
ADMT ( admt service admt user )
admt managedserviceaccount
admt user
admt security
admt computer
admt group
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory
Active Directory Active Directory
Active Directory ADMT ADMT v3.1 Windows 2000 ADMT v3.2 Windows Server 2003
Active Directory
ADMT v3.1 Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory
Active Directory Active Directory Active Directory
Active Directory
( AdministratorsUsers Power Users) ( Domain Admins Domain Users) Active Directory (ADMT) (ACL)
ADMT Domain Users ADMT ( Server Operators Backup Operators) ( Domain Admins)
1.
2.
3.
4. () (SID) SID SID
User 1 Global A Global B Domain 1 User 1 Global A Domain 2 Domain 1 Domain 2 Global B Domain 1 (Open Set) Global B User 1 User 1 Global B User 1
Windows 2000 ADMT ADMT ADMT
Windows 2000 ADMT SIDADMT SID SID ADMT Windows 2000 Windows Server 2003
ADMT
SID
SID Active Directory SID SID SID ADMT SID SID
Active Directory Windows 2000 SID
1.
2.
3.
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
(OU)
Active Directory
OU
OU OU
Active Directory (ADMT) OU OU ADMT
OU (http://go.microsoft.com/fwlink/?LinkID=76628) ()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
() ()
(OU)
Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=14384) Job_Aids_Designing_and_Deploying_Directory_and_Security_Services (DSSREER_1.doc)
Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=14384) Job_Aids_Designing_and_Deploying_Directory_and_Security_Services (DSSREER_2.doc)
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory
Active Directory
Active Directory
Active Directory (ADMT)
Windows 2000 ADMT ADMT
ADMT
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT)
1.
2.
3.
4.
(LOB) ()
[] []
10 10 () 10
Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=14384) Job_Aids_Designing_and_Deploying_Directory_and_Security_Services (DSSREER_3.doc)
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Proxy
Active Directory (ADMT) (SID) SID SID
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
100
(UPN)
(EFS)
()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT
() ADMT ADMT
(OU) OU
//
(SID)
OU OU ADMT
() Administrators
OU ADMT
OU ADMT
Windows Vista Windows 7 Windows Vista Windows 7
ADMT
Account migrators
Resource migrators
account migrators resource migrators
Data readers
account migrators resource migrators data readers
SQLServer sysadmin ADMT
Administrators sysadmin ADMT
ADMT
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMTADMT 3.1 Microsoft SQL Server Express ADMT 3.2 SQL Server ADMT
ADMT v3.1
ADMT v3.2
ADMT SQL Server
Admtdb.exe
ADMT
ADMT v3.1
ADMT v3.1
ADMT v3.1
ADMT v3.1
ADMT v3.1
Active Directory 3.1 (ADMT v3.1) SQL Server 2005 Express Edition ADMT v3.1 SQL Server 2000 Service Pack 4 (SP4) Standard Enterprise Edition SQL Server 2005 Standard Enterprise Edition
ADMT v3.1
Windows Server2008
[] [] ADMT ADMT v3.1 ADMT ADMT ( ADMT v2.0 ADMT v3.0) ADMT v3.1
ADMT SQL Server 2000 SQL Server 2005 SQL Server ADMT SQL ADMT
ADMT v3.1
SQL Server 2005 Express Edition SQL ADMTActive Directory
ADMT
ADMT v3.1 (http://go.microsoft.com/fwlink/?LinkId=121732) ADMT v3.2 (http://go.microsoft.com/fwlink/?LinkId=186197) ADMT Active Directory [admtsetup.exe]
Active Directory
[]
ADMT (MS_ADMT)
SQL Server 2005 Express Edition ( ADMT ) ADMT SQL Server 2005 Express Edition
[ Microsoft SQL Server Express Edition] ADMT v3.1
ADMT v3.1 ADMT [ Microsoft SQL Server] Server\Instance
SQL Server ADMT v3.1 ADMT
Active Directory v3
ADMT v3.0 ADMT v3.1 ADMT v3.0 ADMT v3.1
ADMT v3.0 [ ()]
ADMT v3.0 ADMT v3.1 [ ADMT v3 ]
ADMT v3.0
Active Directory v2
ADMT v2.0 ADMT v3.1 ADMT v2.0 ADMT v3.1
ADMT v2.0 [ ADMT v2 ]
ADMT v2.0 ADMT v3.1 [ ADMT v2 ]
ADMT v2.0
ADMT v2.0 protar.mdb ADMT v2.0
ADMT v3.1 []
ADMT v3.2
ADMT v3.2 SQL Server SQL Server Express SQL Server Express ADMT Service Pack
SQL Server 2005 Express Service Pack 3 (SP3)
SQL Server 2008 Express Service Pack 1 (SP1)
SQL Server Express SQL Server Express ADMT
SQL Server 2005 SQL Server 2008 ADMT ADMT SQL Server ADMT Service Pack
ADMT v3.2
ADMT v3.2
ADMT v3.2
ADMT v3.2
[] [] ADMT v3.2 ADMT
ADMT v3.2 ADMT ADMT ADMT v2 ADMT v1 ADMT
() Windows Server 2008 R2
ADMT v3.2 Windows Server 2003 Active Directory Windows Server 2008 R2 ADMT v3.2
Windows Server 2008 R2 ADMT v3.2 Server Core (RODC)
ADMT SQL Server SQL Server Express SQL Server ADMT
SQL Server Express ADMT v3.2 SQL Server ADMT Admtdb.exe ADMT
ADMT v3.2
SQL Server 2005 Express (http://go.microsoft.com/fwlink/?LinkId=181159) () SQL Server ADMT v3.2 SQL Server [Windows ] SQL Server ADMT v3.2
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
ADMT v3.2
1. ADMT [admtsetup32.exe]
2. [] []
3. [] [] []
4. [] \
(.) SQL Server Express SQLEXPRESS
SQL Server Express .\SQLEXPRESS
5. SQL Express %windir%\ADMT\Data ADMT.mdf [] ADMT []
[] [ ()] ADMT [ ADMT v3.0 ADMT v3.1 ] []
SQL Server SQL Server ADMT SQL Server
[]
6. [] []
ADMT SQL Server
SQL Server Express ADMT ADMT SQL Server Express ADMT
ADMT SQL Server SQL Server SQL Server Express ( SQL Server ) ADMT ADMT
SQL
sp_detach_db [ @dbname = ] 'dbname'
SQL Server SQL Server Management Studio HOW TO (SQL Server Management Studio) (http://go.microsoft.com/fwlink/?LinkId=183994) ()
Admtdb.exe
ADMT v3.2 SQL Server Express SQL Server ( SQL Server SQL Server Express) Admtdb.exe Admtdb.exe
SQL Server Admtdb.exe ADMT
admtdb create /{s|server}:"\"
ADMT
/server SQL Server
admtdb upgrade /s|server:\
ADMT v3.0 ADMT v3.1
/server ADMT v3.0 ADMT v3.1 SQL Server
ADMT ADMT
admtdb attach [/{a|attach}:"v3x "
ADMT SQL Server Express 2005 SQL Server Express 2008
/attach Admt.mdf
Admtdb.exe admtdb /?
SQL Server Express SQL Server SQL Server Express ADMT SQL Express
SQL Server SQL Server Express ADMT
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
SQL Server
1. [] [] []
2. [] SQL Server Express [] [] ADMT v3.1 ADMT SQL Server Express MSSQL$MS_ADMT
[] []
3. [] [] []
4. [] [] []
5. []
6.
SQL SQL Server Express admtdb attach
admtdb attach /{s | Server}: SQL Server Express
admt config setdatabase /s:\
ADMT
ADMT v3.0ADMT v3.1 ADMT v3.2 () SQL Server
Administrators (http://go.microsoft.com/fwlink/?LinkId=83477)
() ADMT SQL Server
1. [] [] []
2. [] SQL Server Express [] [] ADMT v3.1 ADMT SQL Server Express MSSQL$MS_ADMT
[] []
3. [] [] []
4. [] [] []
5. []
6.
admtdb attach /{s | Server}: SQL Server Express /{a | Attach}: ADMT v3.x "
admt config setdatabase /s:\
ADMT SQL Server ADMT ADMT admtdb.exe admt config setdatabase
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
ActiveDirectory ActiveDirectory (ADMT) ()
ADMT
()
ADMT Password.txt
ADMT ADMT
1. ADMT
2.
[] [] NetBIOS (DNS) []
(RID)
[] [] NetBIOS DNS [] []
[]
[] [] [] [] [] []
[] [] []
[]
[] [] [][] []
ADMT [] []
[] ADMT [] [] []
3. [ SCM] [ SCM] [ SCM] [ SCM] ADMT [ SCM]
ADMT
1. ADMT ADMT
2. ENTER
ADMT SERVICE /N "" "" /SD:"" /TD:""
ADMT SERVICE /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
3.
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objServiceAccountEnumeration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objServiceAccountEnumeration = _
objMigration.CreateServiceAccountEnumeration
'
'
'
objMigration.SourceDomain = ""
'
'
'
objServiceAccountEnumeration.Enumerate admtData, _
Array("computer name1" ,"computer name2" )
Set objServiceAccountEnumeration = Nothing
Set objMigration = Nothing
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Contoso Corporation Africa EMEA
Africa EMEA 1,800 Africa EMEA ())
Contoso Corporation Africa EMEA Windows 2000 Africa EMEA (OU) OU OU
Contoso Corporation SQL Server
Active Directory (ADMT) ADMT
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
ActiveDirectory ActiveDirectory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
()
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(SID)
Active Directory (ADMT) ADMT
ADMT
ADMT ADMT
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] []
[ SID ] []
[]
ADMT
1. ADMT ADMT
sIDHistory migration
2. ADMT Group ENTER
ADMT GROUP /N "" "" /IF:YES /SD:"" /TD:"" /TO:""
ADMT GROUP /N "" "" /O:".txt"
ADMT v3.1 []
Intra-forest
/IF:YES
IntraForest=YES
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
/CO:IGNORE ()
ConflictOptions=IGNORE
3.
4.Active Directory OU OU
ADMT .wsf AdmtConstants.vbs
sIDHistory
Option Explicit
Dim objMigration
Dim objGroupMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objGroupMigration = objMigration.CreateGroupMigration
'
'
'
objMigration.IntraForest = True
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objGroupMigration.Migrate admtData, Array("group name1" ,"group name2" )
Set objGroupMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
() ( Active Directory ) Windows 2000
Active Directory (ADMT) (SID) ADMT
ADMT ADMT
ActiveDirectory (OU) [] []
ADMT ADMT
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
OU []
[] []
[ SID ] []
[]
3. []
4.Active Directory OU OU
ADMT
1. ADMT ADMT
sIDHistory
2. ADMT Group ENTER
ADMT GROUP /N "" "" /IF:YES /SD:"" /TD:"" /TO:""
ADMT GROUP /N "" "" /O:".txt"
Intra-forest
/IF:YES
IntraForest=YES
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
/CO:IGNORE ()
ConflictOptions=IGNORE
3.
4.Active Directory OU OU
1. ADMT
sIDHistory
2.migration.log ADMT Windows\ADMT\Logs
Windows Server 2003 Windows Server2008 Windows Server 2003 Windows Server2008
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT
ADMT ADMT
ADMT
ADMT ADMT
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] []
[]
[] []
[]
[ SCM] () [] []
[]
[] ADMT [] []
()
ADMT
1. ADMT ADMT
2. ENTER
ADMT USER /N "" "" /IF:YES /SD:"" /TD:"" /TO:"" /MSA:YES
ADMT USER /N "" "" /O:".txt"
Intra-forest
/IF:YES
IntraForest=YES
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
/MSA:YES
MigrateServiceAccounts=YES
/UUR:YES
UpdateUserRights=YES
/CO:IGNORE ()
ConflictOptions=IGNORE ()
3.
4.Active Directory OU OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.IntraForest = True
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objUserMigration.UpdateUserRights = True
objUserMigration.MigrateServiceAccounts = True
'
'
'
objUserMigration.Migrate admtData, _
Array("service account name1", "service account name2")
Set objUserMigration = Nothing
Set objMigration = Nothing
Windows Server 2008 R2 Active Directory Windows7 Windows Server 2008 R2 ADMT v3.2
ADMT v3.2
1. admt managedserviceaccount
2. admt computer
() ()
() SID (SID )
[] () [] [] SID MSA
ADMT
1. ADMT ADMT
2. ADMT [] []
3.
[] [] NetBIOS (DNS) []
[] [] NetBIOS DNS [] []
[]
[] [] [] [] [] []
[]
[] [] [] [] [] []
[] [] []
[] []
[]
[]
[ SID ]
[] []
[]
4. []
5.Active Directory OU
ADMT
1. ADMT ADMT
2. ENTER
ADMT MANAGEDSERVICEACCOUNT /N "" "" /IF:NO /SD:"" /TD:"" /UUR:YES /FGM:YES /MSS:YES
ADMT MANAGEDSERVICEACCOUNT /N "" "" /O:".txt"
/IF:No
Intraforest=No
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/UUR:Yes
UpdateUserRights=Yes
/FGM:Yes
FixGroupMembership=Yes
SID
SID
/MSS:Yes
MigrateSIDs=Yes
3.
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
API (DPAPI) DPAPI
()
EFS (S/MIME)
CryptProtectData()
Windows Installer ()
1.Active Directory (ADMT)
2.
OU
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(OU)
OU /D /N (/IncludeName) /D (/IncludeDomain) RECURSE MAINTAIN
ADMT /D:RECURSE+MAINTAIN /O ""
OU admtDomain admtData admtFile admtDomain admtRecurse admtMaintainHierarchy
objUserMigration.Migrate admtDomain + admtRecurse + admtMaintainHierarchy
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT (UPN) UPN
ADMT
ADMT ADMT
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
ADMT (OU) OU OU []
[] OU []
[]
[]
[] []
[]
[] [] [] [] []
ADMT
1. ADMT ADMT
sIDHistory
2. ADMT User
ADMT USER /N "" "" /IF:YES /SD:"" /TD:"" /TO:"" /TRP:YES /UUR:YES
ADMT USER /N "" "" /O ".txt"
/IF:YES
IntraForest=YES
/SD:"source_domain"
SourceDomain="source_domain"
/SO:"source_OU"
SourceOU="source_OU"
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
/CO:IGNORE ()
ConflictOptions=IGNORE
/TRP:YES ()
TranslateRoamingProfile=YES
/UUR:YES
UpdateUserRights=YES
3.
4.Active Directory OU OU
sIDHistory
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objUserMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objUserMigration = objMigration.CreateUserMigration
'
'
'
objMigration.IntraForest = True
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objUserMigration.TranslateRoamingProfile = True
objUserMigration.UpdateUserRights = True
objUserMigration.FixGroupMembership = True
objUserMigration.MigrateServiceAccounts = False
'
'
'
objUserMigration.Migrate admtData, Array("user name1" , "user name2" )
Set objUserMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
GUID SID GUID (SID)
(ACL)
Active Directory (ADMT) ADMT
ADMT
1. ADMT ADMT
2.Active Directory (ADMT) [] []
3.
[]
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
[]
[]
ADMT
1. ADMT ADMT
2. ADMT Security ENTER
ADMT SECURITY /N "" "" /SD:"" /TD:"" /TOT:REPLACE /TUP:YES
ADMT SECURITY /N "" "" /O "option_file.txt "
/IF:YES
IntraForest=YES
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/TOT:REPLACE
TranslateOption=REPLACE
/TUP:YES
TranslateUserProfiles=YES
3.
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration")
Set objSecurityTranslation = objMigration.CreateSecurityTranslation
'
'
'
objMigration.IntraForest = True
objMigration.SourceDomain = ""
objMigration.TargetDomain = ""
'
'
'
objSecurityTranslation.TranslationOption = admtTranslateReplace
objSecurityTranslation.TranslateUserProfiles = True
'
'
'
objSecurityTranslation.Translate admtData, _
Array("computer name1" ,"computer name2" )
Set objSecurityTranslation = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
RestartDelay
(Windows XP Service Pack 2 (SP 2) Windows ) Active Directory (ADMT) Windows Windows XP Service Pack 2 (http://go.microsoft.com/fwlink/?LinkId=76705) () Windows Server (http://go.microsoft.com/fwlink/?LinkId=58432) ()
Active Directory
ADMT ADMT
ADMT ADMT
ADMT
1. ADMT ADMT
2.
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
()
[] []
[]
[] (OU) []
[]
[]
[]
ADMT (SID) ADMT
[ ()] [5]
[] [] []
[]
[ADMT Agent]
[] []
3. [] MigrationTaskID.log Windows\ADMT\Logs\Agents
ADMT
1. ADMT ADMT
2. ADMT Computer ENTER
ADMT COMPUTER /N "" "" /IF:YES /SD:"" /TD:"" /TO:"" [/M: 1 2] [/UALLMSA:Yes] /RDL:1
ADMT COMPUTER /N "" "" /O:".txt"
/IF:YES
IntraForest=YES
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
/M /UALLMSA
/M:
UpdateMSAName=
/UALLMSA:YES
UpdateAllManagedServiceAccounts=Yes
/M /UALLMSA
/M 1 2
UPDATEMSANAME= 1 2
/TO:"target_OU"
TargetOU="target_OU"
()
/RDL:5
RestartDelay=5
/CO:IGNORE ()
ConflictOptions=IGNORE
/TOT:ADD
TranslationOption=YES
/TUR:YES
TranslateUserRights=YES
/TLG:YES
TranslateLocalGroups=YES
3. MigrationTaskID.log Windows\ADMT\Logs\Agents
4.Active Directory OU OU
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objComputerMigration
'
' ADMT
'
Set objMigration = CreateObject("ADMT.Migration" )
Set objComputerMigration = objMigration.CreateComputerMigration
'
'
'
objMigration.IntraForest = True
objMigration.SourceDomain = ""
objMigration.SourceOu = ""
objMigration.TargetDomain = ""
objMigration.TargetOu = ""
'
'
'
objComputerMigration.TranslationOption = admtTranslateAdd
objComputerMigration.TranslateLocalGroups = True
objComputerMigration.TranslateUserRights = True
objComputerMigration.UpdateAllManagedServiceAccounts = True
objComputerMigration.RestartDelay = 1
'
'
'
objComputerMigration.Migrate admtData, _
Array("computer name1" ,"computer name2")
Set objComputerMigration = Nothing
Set objMigration = Nothing
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory Active Directory (ADMT) ADMT
ADMT
ADMT ADMT
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
[] [] []
(OU) []
[] OU []
[ SID ] []
[]
ADMT
1. ADMT ADMT
2. ADMT Group ENTER
ADMT GROUP /N "" "" /IF:YES /SD:"" /TD:"" /TO:""
ADMT GROUP /N "" "" /O:".txt"
ADMT v3.1 []
Intra-forest
/IF:YES
IntraForest=YES
/TD:"target_domain"
TargetDomain="target_domain"
/TO:"target_OU"
TargetOU="target_OU"
/CO:IGNORE ()
ConflictOptions=IGNORE
3.
4.Active Directory OU OU
ADMT
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Contoso Corporation Africa EMEA Contoso Windows Server 2003
Contoso
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
ActiveDirectory ActiveDirectory (ADMT) ADMT
ADMT Windows\ADMT\Logs
ADMT
ADMT ADMT 20 ADMT ADMT admit task
admit config logging
ADMT ADMT "admit config logging" "admit task"
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
Active Directory (ADMT) ADMT
Active Directory
Active Directory 3.1 (ADMT 3.1) ADMT 3.2
(ACL) ACL (SID) ACL SID ADMT SID SID
() (SID )
ADMT
ADMT ADMT
[]
SID [] SID
[] [] NetBIOS (DNS) []
(RID) ( FSMO)
[] [] NetBIOS DNS [] []
[] [] [] [] [] []
- -
[] [] []
[][][][] []
[]
ADMT
1. ADMT ADMT
2. ENTER
ADMT Security /N "" "" /SD:"" /TD:""
ADMT Security /N "" "" /O:".txt"
/SD:"source_domain"
SourceDomain="source_domain"
/TD:"target_domain"
TargetDomain="target_domain"
3.
ADMT .wsf AdmtConstants.vbs
Option Explicit
Dim objMigration
Dim objSecurityTranslation
'
'
